Executive Summary
Summary | |
---|---|
Title | Horde Application Framework: Multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-200805-01 | First vendor Publication | 2008-05-05 |
Vendor | Gentoo | Last vendor Modification | 2008-05-05 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
Synopsis: Multiple vulnerabilities in the Horde Application Framework may lead to the execution of arbitrary files, information disclosure, and allow a remote attacker to bypass security restrictions.
Background:
Description:
* David Collins, Patrick Pelanne and the HostGator.com LLC support team discovered that the theme preference page does not sanitize POST variables for several options, allowing the insertion of NULL bytes and ".." sequences (CVE-2008-1284).
* An error exists in the Horde API allowing users to bypass security restrictions.
Impact:
Workaround:
Resolution:
* All horde-groupware users should upgrade to the latest version:
* All horde-kronolith users should upgrade to the latest version:
* All horde-mnemo users should upgrade to the latest version:
* All horde-nag users should upgrade to the latest version:
* All horde-webmail users should upgrade to the latest version:
References:
Availability: http://security.gentoo.org/glsa/glsa-200805-01.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-200805-01.xml |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20302 | |||
Oval ID: | oval:org.mitre.oval:def:20302 | ||
Title: | DSA-1519-1 horde3 - information disclosure | ||
Description: | It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1519-1 CVE-2008-1284 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | horde3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7854 | |||
Oval ID: | oval:org.mitre.oval:def:7854 | ||
Title: | DSA-1519 horde3 -- insufficient input sanitising | ||
Description: | It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1519 CVE-2008-1284 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | horde3 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-02-16 | Name : Fedora Update for horde FEDORA-2008-2362 File : nvt/gb_fedora_2008_2362_horde_fc8.nasl |
2009-02-16 | Name : Fedora Update for horde FEDORA-2008-2406 File : nvt/gb_fedora_2008_2406_horde_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-01 (horde) File : nvt/glsa_200805_01.nasl |
2008-03-19 | Name : Debian Security Advisory DSA 1519-1 (horde3) File : nvt/deb_1519_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42774 | Horde Multiple Products theme Parameter Traversal Local File Inclusion |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_horde-081119.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_horde-5791.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-01.nasl - Type : ACT_GATHER_INFO |
2008-03-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1519.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2362.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2406.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:35:48 | |